How to design for these security demands?

A Python program P runs on server S1, listening on port 8443. Some other services can send an (id_rsa, ip) pair to P. P can use this pair to make an ssh connection to the ip (it creates an ssh process).

How can the id_rsa file be protected even if the machine S1 is cracked? How can the root user be prevented from getting the id_rsa content (it seems ssh can only use -i keyfile)?

The main problem is that P must save the id_rsa file to the disk, so that ssh can use it to connect to the ip.